From: merch-redmine@...
Date: 2019-07-18T21:44:16+00:00
Subject: [ruby-core:93837] [Ruby master Bug#8720] ECB mode seems to be broken

Issue #8720 has been updated by jeremyevans0 (Jeremy Evans).

Backport deleted (1.9.3: UNKNOWN, 2.0.0: UNKNOWN)
Status changed from Open to Closed

I agree that we should do better in this area. When calling `Cipher#encrypt` or `Cipher#decrypt` without arguments, the cipher is initialized with an empty key. This is normally not a problem, since you are supposed to call these methods directly after initializing the cipher according to the documentation. However, if you set the key first, then call one of the methods, the methods use a NULL key, but keep the flag that records whether the key was set.

I submitted a pull request to unset the flag if the key is set to NULL. That way `Cipher#update` will raise an error that the key is not set, unless you set the key again after calling `encrypt` or `decrypt`. This pull request was just merged: https://github.com/ruby/openssl/pull/263.

----------------------------------------
Bug #8720: ECB mode seems to be broken
https://bugs.ruby-lang.org/issues/8720#change-79711

* Author: netjunki (Ben Lau)
* Status: Closed
* Priority: Normal
* Assignee: openssl
* Target version:
* ruby -v: ruby 2.0.0p283 (2013-07-28) [x86_64-darwin12.0.0]
* Backport:
----------------------------------------
The reporting on this is partially from someone else's work that I found in a gist on github:
https://gist.github.com/tarcieri/5550786

But there appears to be some sort of issue with ECB mode. It works correctly in JRuby, which I assume is due to the fact that JRuby is using Java's underlying crypto libs instead of OpenSSL.

I've attached the test code from the gist.
I've also included the output in the description here from my run with latest svn and the gist for reference:

Testing output:

$ /usr/local/bin/ruby --version; /usr/local/bin/ruby ecb_test.rb
ruby 2.0.0p283 (2013-07-28) [x86_64-darwin12.0.0]
Testing encryption: FAILED! Got "\xCE\x9Dp\xDFL\xD0\x95\xC3\x13\x18+\xAC\x1D2\xE7\x15" instead of ":\xD7{\xB4\rz6`\xA8\x9E\xCA\xF3$f\xEF\x97"
Testing decryption: OK!

$ ruby --version; ruby ecb_test.rb
ruby 1.9.3p392 (2013-02-22 revision 39386) [x86_64-darwin12.3.0]
Testing encryption: FAILED! Got "\xCE\x9Dp\xDFL\xD0\x95\xC3\x13\x18+\xAC\x1D2\xE7\x15" instead of ":\xD7{\xB4\rz6`\xA8\x9E\xCA\xF3$f\xEF\x97"
Testing decryption: OK!

$ ruby --version; ruby ecb_test.rb
ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-darwin12.3.0]
Testing encryption: FAILED! Got "\xCE\x9Dp\xDFL\xD0\x95\xC3\x13\x18+\xAC\x1D2\xE7\x15" instead of ":\xD7{\xB4\rz6`\xA8\x9E\xCA\xF3$f\xEF\x97"
Testing decryption: OK!

$ ruby --version; ruby ecb_test.rb
jruby 1.7.2 (1.9.3p327) 2013-01-04 302c706 on Java HotSpot(TM) 64-Bit Server VM 1.7.0_21-b12 [darwin-x86_64]
Testing encryption: OK!
Testing decryption: OK!

---Files--------------------------------
ecb_test.rb (953 Bytes)

--
https://bugs.ruby-lang.org/
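
Added example, not part of the original message and not the attached ecb_test.rb: a known-answer check that contrasts the documented call order (`encrypt`, then `key=`) with the key-before-`encrypt` order discussed above. It assumes the NIST SP 800-38A AES-128 ECB vector, whose first ciphertext block equals the expected bytes in the report's output; the method names are hypothetical.

```ruby
require "openssl"

# NIST SP 800-38A AES-128 ECB known-answer vector (first block).
KEY      = ["2b7e151628aed2a6abf7158809cf4f3c"].pack("H*")
BLOCK    = ["6bc1bee22e409f96e93d7e117393172a"].pack("H*")
EXPECTED = ["3ad77bb40d7a3660a89ecaf32466ef97"].pack("H*")

# Documented order: choose the direction first, then set the key.
def ecb_encrypt(key, block)
  cipher = OpenSSL::Cipher.new("aes-128-ecb")
  cipher.encrypt
  cipher.key = key
  cipher.padding = 0 # input is exactly one block, so no padding block
  cipher.update(block) + cipher.final
end

# Order discussed in the issue: key first, then #encrypt without arguments.
def ecb_encrypt_key_first(key, block)
  cipher = OpenSSL::Cipher.new("aes-128-ecb")
  cipher.key = key
  cipher.encrypt # re-initializes the cipher; the key set above is not used
  cipher.padding = 0
  cipher.update(block) + cipher.final
end

# Classify what the running openssl binding does with the key-first order:
#   :raised           -> #update refuses to run without a key (after the fix)
#   :silent_wrong_key -> ciphertext is produced but is not under our key
#   :correct          -> ciphertext matches the vector
def key_first_outcome(key, block, expected)
  out = ecb_encrypt_key_first(key, block)
  out == expected ? :correct : :silent_wrong_key
rescue OpenSSL::Cipher::CipherError
  :raised
end

# Known-answer self-test suitable for a unit test or startup check.
def kat_ok?
  ecb_encrypt(KEY, BLOCK) == EXPECTED
end

if __FILE__ == $PROGRAM_NAME
  puts "documented order matches vector: #{kat_ok?}"
  puts "key-before-encrypt outcome: #{key_first_outcome(KEY, BLOCK, EXPECTED)}"
end
```

A `:silent_wrong_key` result means data was encrypted under a key the caller did not choose, which is why a known-answer test like `kat_ok?` belongs in the test suite of any code wrapping `OpenSSL::Cipher`.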